authorPaul Sherwood <paul.sherwood@codethink.co.uk>2016-08-21 21:48:32 +0100
committerPaul Sherwood <paul.sherwood@codethink.co.uk>2016-08-21 21:48:32 +0100
commitd9b0bcb11b8fbfd857dfbc2eb8862530d315e814 (patch)
tree74778f3c65efcb98e0bb98bf3570e7681040e06c
parent831c19f2f164ca88a75c55c734cee494c577e011 (diff)
downloadybd-devel.tar.gz
First-pass at HTTPS supportdevel
-rwxr-xr-xkbas/__main__.py35
-rw-r--r--kbas/config/kbas.conf9
-rw-r--r--readme.md9
3 files changed, 41 insertions, 12 deletions
diff --git a/kbas/__main__.py b/kbas/__main__.py
index 54e8063..c4a17a4 100755
--- a/kbas/__main__.py
+++ b/kbas/__main__.py
@@ -23,6 +23,7 @@ from time import strftime, gmtime
from datetime import datetime
import tempfile
from bottle import Bottle, request, response, template, static_file
+from bottle import server_names, ServerAdapter
from subprocess import call
from ybd import app, cache
@@ -30,6 +31,20 @@ from ybd import app, cache
bottle = Bottle()
+class SSLServer(ServerAdapter):
+ def run(self, handler):
+ from cherrypy import wsgiserver
+ from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
+
+ server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
+
+ server.ssl_adapter = pyOpenSSLAdapter(
+ certificate=app.config.get('certificate'),
+ private_key=app.config.get('private-key'),
+ certificate_chain=app.config.get('certificate-chain'))
+ server.start()
+
+
class KeyedBinaryArtifactServer(object):
''' Generic artifact cache server
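Review bot: `SSLServer.run` hands the certificate and key to `pyOpenSSLAdapter` and never constrains the TLS context, so the protocol versions and ciphers offered are whatever the adapter and the linked OpenSSL default to. As far as I know the CherryPy adapter builds an `SSLv23_METHOD` context with no options set, which can leave SSLv3 negotiable on older builds. Since this server takes password-protected uploads, I would build the context explicitly before `server.start()`, e.g. `ctx = server.ssl_adapter.get_context()`, `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`, `server.ssl_adapter.context = ctx` (with `from OpenSSL import SSL`). `app.config.get(...)` also returns None for a missing key, so a check that both `certificate` and `private-key` are set, with a clear error, belongs at the top of `run`.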
@@ -44,18 +59,18 @@ class KeyedBinaryArtifactServer(object):
app.config['last-upload'] = datetime.now()
try:
- import cherrypy
- server = 'cherrypy'
+ server_names['sslserver'] = SSLServer
+ bottle.run(host=app.config['host'],
+ port=app.config['port'],
+ server='sslserver')
except:
server = 'wsgiref'
-
- # for development:
- if app.config.get('mode') == 'development':
- bottle.run(server=server, host=app.config['host'],
- port=app.config['port'], debug=True, reloader=True)
- else:
- bottle.run(server=server, host=app.config['host'],
- port=app.config['port'], reloader=True)
+ if app.config.get('mode') == 'development':
+ bottle.run(server=server, host=app.config['host'],
+ port=app.config['port'], debug=True, reloader=True)
+ else:
+ bottle.run(server=server, host=app.config['host'],
+ port=app.config['port'], reloader=True)
@bottle.get('/static/<filename>')
def send_static(filename):
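Review bot: The bare `except:` around the `sslserver` start turns every TLS failure (cherrypy or pyOpenSSL not installed, an unreadable `certificate`/`private-key` path, a bind error) into a silent restart on plain-HTTP `wsgiref`, so an operator who configured HTTPS can end up serving uploads and the upload password in cleartext with nothing logged. Choose the transport from configuration instead of from an exception: start `sslserver` only when both `certificate` and `private-key` are set, and let a failure there propagate. The HTTPS branch also ignores `mode`, so `debug` and `reloader` only ever apply to the fallback. The enclosing method starts above the hunk, and because kbas.conf in this commit ships `./server.pem` defaults, those would need to be commented out to keep an HTTP-only default.

```python
        # … unchanged: app.config['last-upload'] assignment …
        if app.config.get('certificate') and app.config.get('private-key'):
            # TLS was requested: a startup failure must surface, never downgrade
            server_names['sslserver'] = SSLServer
            bottle.run(host=app.config['host'],
                       port=app.config['port'],
                       server='sslserver')
        else:
            server = 'wsgiref'
            # … unchanged: development / production bottle.run calls …
```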
diff --git a/kbas/config/kbas.conf b/kbas/config/kbas.conf
index 2c7c5fd..b09489f 100644
--- a/kbas/config/kbas.conf
+++ b/kbas/config/kbas.conf
@@ -41,6 +41,15 @@ mode: development
# directory to serve from
artifact-dir: '/src/artifacts'
+# To enable HTTPS, you need a certificate and private-key
+# FIXME: and maybe a certificate-chain: ???
+# note if these values don't point to a valid file, kbas defaults to http
+certificate: ./server.pem
+private-key: ./server.pem
+
+# to populate the above, generate a cert and key in the working dir, eg:
+# `openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes`
+
# ip address or hostmame of machine to serve on. 0.0.0.0 should work for most
# cases... '0.0.0.0 means all IPv4 addresses on the local machine'
host: 0.0.0.0
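Review bot: The example stores an unencrypted private key (`-nodes`) in the same `server.pem` as the certificate, at a path relative to whatever directory kbas is started from, and the comments say nothing about protecting that file. I would add a comment above `private-key:` such as `# keep the key file readable only by the kbas user (chmod 600) and prefer an absolute path`. The generated certificate is self-signed, so the same comment block should say that clients cannot verify the server unless they are given that certificate to trust.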
diff --git a/readme.md b/readme.md
index 0071cbd..7c7c05d 100644
--- a/readme.md
+++ b/readme.md
@@ -193,8 +193,13 @@ config for kbas follows the same approach as ybd, defaulting to config in
kbas/config/kbas.conf
-NOTE: the default password is 'insecure' and the uploading is disabled unless
-you change it.
+NOTE:
+
+- the default password is 'insecure' and the uploading is disabled unless
+you change 'insecure' to be something else.
+
+- you should probably configure HTTPS too, by setting up a certificate and
+private key. See the kbas/config/kbas.conf file for a basic example
```